Data protection is an annoying but nevertheless very important topic. Here you will find answers to the most frequently asked questions about the new data protection regulation.
Does fitogram comply with the GDPR?
The new GDPR came into force on 25 May. We at fitogram take data protection seriously, of course. Let’s answer the most important question first: Yes, fitogram does meet the requirements of the GDPR. Our technical and organisational measures can be found here.
The principles of the GDPR
Processing personal data requires the consent of the person concerned. This means that consent must be obtained for data processing when registering for the newsletter, submitting the contact form and, under certain circumstances, when concluding a contract. At fitogram this is guaranteed by our improved registration process.
The right “to be forgotten”
At the request of a customer, all personal customer data that the studio has about the customer must be deleted. This means that the customer must be deleted from the customer database. This is particularly difficult if you have distributed your data across different systems, for example if you have saved a second Excel spreadsheet on your PC. Try to find out where your data is stored (e.g. with FitogramPro and in the e-mail program) and make sure that you can delete this data on request.
Appointment of a data protection officer
If you have more than 10 employees in your studio, you are obliged to appoint a data protection officer. At fitogram this is Konstantin Pikal; you can reach him at email@example.com.
What do I need to know about the GDPR as a site operator / studio owner?
If you have already fulfilled the requirements of the BDSG, the changes are manageable. Here is a short checklist for your website:
If you use our online booking system, please proceed as follows:
- Download this file
- Under Section 1 (2), please add your name, your address and your e-mail address. If you permanently employ more than 10 people, you must also appoint a data protection officer. In this case, please also include the name and e-mail address of the data protection officer.
- Please attach the entire document to your privacy statement.
The legislator requires appropriate technical measures to protect personal data. These should be “state of the art”. This means that you should use the “https:” standard (HTTPS) for your website. You can often request this via your web host.
Check contact form
If you use a contact form, you must also make sure that you obtain the customer's consent for data processing. Here it is also important that the customer actively agrees to the data protection declaration.
Agree to data processing agreements
When you provide personal information to newsletter services, payment service providers, web analytics services, or other data processors, it is important that you have a contract with these partners. Our software will enable you to accept our data processing agreement in good time. If you want to read it now, you can find it here.
Where is your data stored?
Our data is stored on German servers (in Frankfurt). This enables us to comply with German data protection guidelines and at the same time to provide faster access times.
What happens with a deletion request?
If one of your customers wants to be deleted from your system, you can do this directly via FitogramPro. If someone wants to delete their account with fitogram, just forward this request to firstname.lastname@example.org.
What happens if a customer does not agree to the data processing?
In most cases, you may enter the customer in your software because you have a legitimate interest in the data processing according to Art. 6 Para. 1 Sentence 1. If they register via your online booking system or if you invite them, then they must agree to the data protection declaration. However, if someone wants to be deleted from your software at a later date, you must comply with this request.
How long is data stored?
In principle, we are obliged to store some data for 10 years. This applies to data that is relevant under commercial or tax law. For all other data, we limit the processing after 2 years.